On Thu, 18 Nov 2004, 23:31 GMT+01 Ruud H.G. van Tol wrote:
Toen wij multimedia-fan(_at_)myrealbox(_dot_)com kietelden, kwam er dit uit:
Seeing that Yahoo and Gmail (so far that I know of) have implemented
domain keys and sender verification, has anyone found out a way of
verifying that in procmail or spam assassin?
That should be done in the SMTP-session, even before the DATA-phase,
and normally neither SpamAsassin nor procmail are involved at that
stage.
This is true for the outbound email server that signs the mail. The
inbound SMTP server *may* then verify the signature. However,
currently most inbound SMTP servers are not DomainKey aware and will
most likely simply ignore the "DomainKey-Signature:" and
"DomainKey-Status:" headers. Therefore, doing some verifying checks
through procmail would make sense if the MTA does not do that.
I find this useful especially in that cases where a spammer just adds
the header "DomainKey-Status: good" and that mail receives via a
DomainKey-unaware MTA. So, MUAs that respects the "DomainKey-Status:"
header and do some action based on its value, may be fooled. All
theoretically yet, of course.
rob.
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail